Security Scan
OpenClaw
Suspicious
Medium confidence. The skill's functionality (music generation) matches its files, but it references many external APIs and example credentials without declaring required environment variables or clearly justifying third‑party/unofficial endpoints — that mismatch and reliance on external services is concerning.
Assessment and Recommendations
This skill is a curator/guide for many music-generation providers and appears coherent for that purpose, but proceed cautiously:
- Expect to provide API keys/tokens for providers you want to use (Replicate, Stability, Mubert, Soundraw, etc.). The skill's registry entry does not declare these env vars — ask the publisher which credentials it needs and how they are handled.
- Some provider examples reference unofficial third‑party endpoints (e.g., Suno unofficial APIs, PiAPI). Verify the authenti...
⚠ Purpose and Capability
The skill is legitimately a multi-provider music-generation guide and the included provider files (MusicGen, Stable Audio, Suno, Replicate, Mubert, Soundraw, Riffusion, Udio) align with the stated purpose. However, the registry metadata declares no required environment variables or credentials, while the provider files contain numerous examples using API keys and tokens (e.g., API_KEY, REPLICATE_API_TOKEN, STABILITY_API_KEY). That mismatch (no declared secrets but many example credentials) is disproportionate and unexplained. The SKILL.md also references unofficial APIs/wrappers for providers that state they have no official API (e.g., Suno unofficial endpoints), which deserves scrutiny.
ℹ Instruction Scope
The runtime instructions stay focused on music generation and prompting best practices. They direct the agent to consult the provider files for API usage. The provider files include code samples that perform network calls, open local files (e.g., open('melody.wav','rb')), poll webhooks, and show webhook URLs — all reasonable for a multi-provider integration. The instructions do not ask the agent to read arbitrary system secrets or unrelated files, but because they instruct the agent to follow provider usage, the agent could be directed to send user content or keys to external endpoints if invoked.
✓ Install Mechanism
This is instruction-only with no install spec and no code files that run on install — lowest-risk install mechanism. Nothing is written to disk by an installer. The provider docs reference installing provider SDKs (pip installs) for local models, which is normal and expected, but these are not performed automatically by the skill.
⚠ Credential Requirements
Although the skill metadata lists no required env vars, the provider files repeatedly reference multiple credentials (REPLICATE_API_TOKEN, STABILITY_API_KEY, generic API_KEY placeholders, Bearer tokens, webhook URLs). A user would need to supply multiple unrelated API keys to use the integrations. The SKILL.md does not declare or scope these credentials (no primaryEnv or required.env), so it's unclear how secrets are expected to be provided, stored, or used — this is a proportionality and transparency problem. Some provider entries point to unofficial third‑party APIs/wrappers (Suno via api.sunoapi.org, piapi.ai) which increase risk of credential leakage or unexpected data handling if used.
✓ Persistence and Privileges
The skill does not request persistent/always-on presence (always: false). Autonomous invocation is permitted by default (disable-model-invocation: false), which is expected for skills. There is no evidence the skill requests to modify other skills or system-wide configuration. If combined with the environment concerns, consider restricting autonomous use until credentials/endpoints are verified.
Security is layered; review the code before running it.
Runtime Dependencies
🖥️ OS: Linux · macOS · Windows
Version
latest · v1.0.0 · 2026/2/12
Initial release
● Benign
Install Command
Official: npx clawhub@latest install music-generation
Mirror: npx clawhub@latest install music-generation --registry https://cn.clawhub-mirror.com
Skill Documentation
Help users create AI-generated music and audio.
Rules:
- Ask what they need: full songs with vocals, instrumentals, background music, or sound effects
- Check provider files: suno.md, udio.md, stable-audio.md, musicgen.md, mubert.md, soundraw.md, riffusion.md, replicate.md
- Check prompting.md for music prompt techniques
- Start with short clips to validate style before full generation
Provider Selection
| Use Case | Recommended |
|---|---|
| Full songs with vocals | Suno, Udio |
| Instrumentals, background | Stable Audio, MusicGen, Mubert |
| Royalty-free commercial | Soundraw, Mubert |
| Classical/orchestral | AIVA, Stable Audio |
| Sound effects | Stable Audio, ElevenLabs |
| Local/private | MusicGen, Stable Audio Open |
| Quick testing | Replicate, Riffusion |
Prompting Fundamentals
- Genre first — "electronic", "jazz", "hip-hop", "orchestral"
- Mood/energy — "upbeat", "melancholic", "aggressive", "calm"
- Instruments — "piano", "guitar", "synth", "strings"
- Tempo — "120 BPM", "slow", "fast-paced"
- Reference artists — "in the style of Hans Zimmer" (where supported)
Output Formats
- WAV — Uncompressed, highest quality, large files
- MP3 — Compressed, universal compatibility
- FLAC — Lossless compression, good for archival
- Stems — Separate tracks (drums, bass, vocals) when available
Common Workflows
Background Music for Video
- Determine video length and mood
- Generate instrumental at matching duration
- Adjust tempo to match cuts if needed
- Mix levels appropriately
Full Song Production
- Write or generate lyrics
- Describe musical style in detail
- Generate multiple variations
- Select best, extend or edit
- Export stems if available for mixing
Sound Design
- Describe sound effect clearly
- Specify duration needed
- Generate variations
- Layer and process as needed
Licensing Considerations
| Provider | Personal Use | Commercial Use |
|---|---|---|
| Suno | ✅ Free tier | Pro plan required |
| Udio | ✅ Free tier | Subscription required |
| Stable Audio | ✅ | License required |
| MusicGen | ✅ | Research license |
| Mubert | ✅ | API license |
| Soundraw | ✅ | Subscription |
Quality Tips
- Be specific — "acoustic guitar fingerpicking" beats "guitar"
- Layer generations — combine outputs for richer sound
- Use stems — mix individual elements for control
- Match context — consider where audio will be used
- Iterate — first generation rarely perfect
Current Setup
Projects
Preferences
Check provider files for detailed setup and API usage.
Data source: ClawHub · Chinese localization: 龙虾技能库